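<?php
   // Create or edit a project owned by the current user, then fall through to the
   // HTML form below so the current field values can be shown again.
   //
   // Inputs:
   //   cookie UID          - id of the current user
   //   GET type            - "edit" to edit an existing project, anything else = new project
   //   GET act             - "save" to write the posted form to the database
   //   GET pid             - project id (edit mode only)
   //   POST name, company, rtime, etime, email, description - form fields
   //
   // NOTE(review): identity comes straight from the client-supplied UID cookie and nothing
   // visible in this file verifies it. Confirm that login.php / user.inc.php tie it to a
   // server-side session; otherwise the UID/PID filter in the queries below is not an
   // authorization check.
   // NOTE(review): the save action changes state, but no anti-CSRF token is checked here.

   // UID and PID are placed unquoted into SQL, so only plain digit strings are accepted.
   // An invalid UID is treated as "not logged in"; an invalid PID as "no project selected".
   $uid = (isset($_COOKIE["UID"]) && is_string($_COOKIE["UID"]) && ctype_digit($_COOKIE["UID"]))
        ? $_COOKIE["UID"] : "";
   $pid = (isset($_GET["pid"]) && is_string($_GET["pid"]) && ctype_digit($_GET["pid"]))
        ? $_GET["pid"] : "";

   // Form fields are stored HTML-encoded (existing convention of this page). The is_string()
   // guard keeps array-valued parameters (name[]=...) from reaching htmlentities().
   $name        = htmlentities((isset($_POST["name"]) && is_string($_POST["name"])) ? $_POST["name"] : "", ENT_QUOTES);
   $company     = htmlentities((isset($_POST["company"]) && is_string($_POST["company"])) ? $_POST["company"] : "", ENT_QUOTES);
   $rtime       = htmlentities((isset($_POST["rtime"]) && is_string($_POST["rtime"])) ? $_POST["rtime"] : "", ENT_QUOTES);
   $etime       = htmlentities((isset($_POST["etime"]) && is_string($_POST["etime"])) ? $_POST["etime"] : "", ENT_QUOTES);
   $email       = htmlentities((isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "", ENT_QUOTES);
   $description = htmlentities((isset($_POST["description"]) && is_string($_POST["description"])) ? $_POST["description"] : "", ENT_QUOTES);

   $act = isset($_GET["act"]) ? $_GET["act"] : "";

   // Only "edit" has a meaning; every other value selects the new-project path, so it is
   // collapsed to "" rather than carried around as raw request data.
   $type = (isset($_GET["type"]) && $_GET["type"] === "edit") ? "edit" : "";

   if ($uid === "")
   {
      header("Location:login.php");
      exit; // stop here: without this the form below is still sent to an anonymous client
   }

   include "mysql.inc.php";
   include "user.inc.php";

   $m = new CMySQL($dbserver, $dbuser, $dbpsd, $dbname);

   $editing = ($type === "edit");

   if ($act === "save")
   {
      if ($editing && $pid === "")
      {
         // An update needs a valid project id; never build SQL around an empty/invalid one.
         echo "Invalid project id";
      }
      else if ($name !== "" && $company !== "" && $rtime !== "" && $etime !== "" && $email !== "" && $description !== "")
      {
         // htmlentities() leaves backslashes untouched, so it is not sufficient on its own
         // for values placed inside quoted SQL literals. addslashes() is a stopgap that
         // assumes MySQL's default backslash-escape mode.
         // NOTE(review): replace with bound parameters (or the driver's own escaping) once
         // CMySQL exposes them; its API is not visible from this file.
         $qName        = addslashes($name);
         $qCompany     = addslashes($company);
         $qRtime       = addslashes($rtime);
         $qEtime       = addslashes($etime);
         $qEmail       = addslashes($email);
         $qDescription = addslashes($description);

         if ($editing)
         {
            // The UID filter restricts the update to rows owned by the current user.
            $sql = "update projects set PNAME='$qName',COMPANY='$qCompany',RTIME='$qRtime',ETIME='$qEtime',CEMAIL='$qEmail',MEMO='$qDescription' where UID=$uid AND PID=$pid";
         }
         else
         {
            $sql = "insert into projects values(NULL,$uid,'$qName','$qCompany','$qRtime','$qEtime','$qEmail','$qDescription')";
         }
         $m->DoQueryNoReturn($sql);

         if ($m->GetErrorNo() == 0)
         {
            header("Location:myproject.php");
            exit; // do not render the form after a successful save
         }

         // The driver message can echo parts of the statement, so it is escaped for HTML.
         // NOTE(review): showing raw database errors to users discloses schema details;
         // consider logging them server-side and showing a generic message instead.
         echo "Something wrong with your input: " . htmlspecialchars((string)$m->GetErrorString(), ENT_QUOTES);
      }
      else
      {
         echo "Please complete the form";
      }
   }
   else if ($editing && $pid !== "")
   {
      // Load the existing project so the form below is pre-filled.
      $sql = "select * from projects where UID=$uid and PID=$pid";
      $prj = $m->DoQuery($sql);
      // is_array() guards count() in case DoQuery() signals failure with a non-array value.
      if (is_array($prj) && count($prj) == 1)
      {
         $pid         = $prj[0]["PID"];
         $name        = $prj[0]["PNAME"];
         $company     = $prj[0]["COMPANY"];
         $rtime       = $prj[0]["RTIME"];
         $etime       = $prj[0]["ETIME"];
         $email       = $prj[0]["CEMAIL"];
         $description = $prj[0]["MEMO"];
      }
   }
?>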
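<?php
   // Everything written into the page is escaped here, at the point of output.
   // $type and $pid originate from the query string, so they are URL-encoded for the
   // action URL and HTML-escaped for the attribute context.
   $typeOut = is_scalar($type) ? (string)$type : "";
   $pidOut  = is_scalar($pid) ? (string)$pid : "";
   $formAction = "newproject.php?type=" . urlencode($typeOut) . "&act=save&pid=" . urlencode($pidOut);

   // Field values are either already entity-encoded (posted data) or read back from the
   // projects table. double_encode=false leaves existing entities alone while still
   // neutralising any raw markup in rows that were written by another code path.
   // Assumes the page is served as UTF-8 - TODO confirm against the site's charset.
   $fName        = htmlspecialchars((string)$name, ENT_QUOTES, "UTF-8", false);
   $fCompany     = htmlspecialchars((string)$company, ENT_QUOTES, "UTF-8", false);
   $fRtime       = htmlspecialchars((string)$rtime, ENT_QUOTES, "UTF-8", false);
   $fEtime       = htmlspecialchars((string)$etime, ENT_QUOTES, "UTF-8", false);
   $fEmail       = htmlspecialchars((string)$email, ENT_QUOTES, "UTF-8", false);
   $fDescription = htmlspecialchars((string)$description, ENT_QUOTES, "UTF-8", false);
?>
<form action="<?php echo htmlspecialchars($formAction, ENT_QUOTES);?>" method="POST">
<table width="620" border="1" align="left">
  <tr>
    <th colspan="3" scope="col">New Project</th>
  </tr>
  <tr>
    <th width="123" scope="col">Name</th>
    <td><input type="hidden" name="pid" id="pid" value="<?php echo htmlspecialchars($pidOut, ENT_QUOTES);?>"><input type="text" name="name" id="name" value="<?php echo $fName;?>"/></td>
    <th width="100" scope="col">&nbsp;</th>
  </tr>
  <tr>
    <th scope="row">Company</th>
    <td><input type="text" name="company" id="company" value="<?php echo $fCompany;?>" /></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <th scope="row">Release Time</th>
    <td><input type="text" name="rtime" id="rtime" value="<?php echo $fRtime;?>" /></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <th scope="row">Expired Time</th>
    <td><input type="text" name="etime" id="etime"  value="<?php echo $fEtime;?>"/></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <th scope="row">Email</th>
    <td><input type="text" name="email" id="email" value="<?php echo $fEmail;?>" /></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <th scope="row">Description</th>
    <td><textarea name="description" id="description" cols="40" rows="5"><?php echo $fDescription;?></textarea></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <th colspan="3" scope="row"><input type="submit" name="button4" id="button4" /></th>
  </tr>
</table>
</form>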